A Security Architecture for Protecting LAN Interactions

Abstract

This paper describes a security architecture for a LAN. The architecture uses the 802.1X access control mechanisms and is supported by a Key Distribution Centre built upon an 802.1X Authentication Server. The KDC is used, together with a new host identification policy and modified DHCP servers, to provide proper resource allocation and message authentication in DHCP transactions. Finally, the KDC is used to authenticate ARP transactions and to distribute session keys to pairs of LAN hosts, allowing them to set up other peer-to-peer secure interactions using such session keys. The new, authenticated DHCP and ARP protocols are fully backward compatible with the original protocols; all security-related data is appended to standard protocol messages.